---

# Name of this instance. Will control the name of the service and of various default settings (like DB name etc.)
# You must use different instance names if you want to run several copies on the same cluster
instance: onlyoffice

oo:

  # Document Services
  ds:

    # Version of OnlyOffice
    version: 8.0.1

    # Docker image to use
    image: '[[ .docker.repo ]]onlyoffice-docserver:[[ .oo.ds.version ]]-2'

    # Resource allocation for OnlyOffice itself
    resources:
      cpu: 300
      memory: 512

    # The URL where OnlyOffice is available
    public_url: https://oods.example.org

    vault:
      # Vault policies to attach to the task
      policies:
        - '[[ .instance ]][[ .consul.suffix ]]'
      # Random secrets to generate
      rand_secrets:
        fields:
          - jwt_token
          - storage_secret

    # Additional env vars to set in the container
    env:
      OO_STORAGE_SECRET: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.storage_secret }}{{ end }}'
      OO_JWT_TOKEN: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.jwt_token }}{{ end }}'

    # Controls how the service will be exposed with Traefik
    traefik:
      enabled: true

      # OnlyOffice needs some specific CSP rules
      csp:
        img-src: "'self' data: https://*"
        script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io"
        style-src: "'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io"
        font-src: "'self' data: https://fonts.googleapis.com https://fonts.gstatic.com"
        connect-src: "'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io"
        media-src: "'self' https://code.responsivevoice.org"
        frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"

    # Wait for the database server to be ready before starting
    wait_for:
      - service: 'master.postgres[[ .consul.suffix ]]'

    # Connect to the database server with the mesh
    consul:
      connect:
        upstreams:
          - destination_name: 'postgres[[ .consul.suffix ]]'
            local_bind_port: 5432

  # Rabbitmq service
  rabbitmq:
    # Docker image to use
    image: rabbitmq:alpine

    # Additional env vars to set in the container
    env: {}

    # Resource allocation
    resources:
      cpu: 200
      memory: 156

  # Volume used
  volumes:
    # This is for DocumentServer Data
    data:
      type: csi
      source: '[[ .instance ]]-data'

    # This is for RabbitMQ
    rabbitmq:
      type: csi
      source: '[[ .instance ]]-rabbitmq'